Contents

Shell access

Anyone in the https://www.osgeo.org/cgi-bin/auth/ldap_shell.py has ssh access, and anyone in this group can add new people via the link. Sudo access can be provided by existing sudoer's by adding folks to the sudoers group in /etc/group, though it is normal practice to try and only extend sudo access to one user per project.

It is a shared environment and it is important that folks making changes on the system be aware of the impact they might have on other hosted services. Apache changes should be made carefully and needfully. Think about security!

PostgreSQL server

Drone service

SSL certificates

LetsEncrypt was configured by Jeff McKenna on 2018-07-27 for mapserver.org, gdal.org, grass.osgeo.org, grasswiki.osgeo.org, drone.osgeo.org, and lists.osgeo.org using certbot-auto

careful: check the conf files in /etc/apache2/sites-enabled/ to make sure that the VirtualHost settings do not include something like <VirtualHost _default_:443> and instead should point to the IP such as <VirtualHost 140.211.15.3:443> or else the certificate loaded will always default to mapserver.org

certbot-auto lives in /usr/local/sbin.

to add more sites, run the command:

certbot-auto --apache -d mapserver.org -d www.mapserver.org

a cronjob (certbot-auto renew) was created to check for renewal twice a day